Who's trusting what in "trusted computing"


May not be what it sounds like

"Trusted computing" is a marvelous bit of marketing weasel-speak. I mean, who wouldn't want to trust their computer more? I know several people whose computers can't be trusted to get through the day without falling over at least once. Alas, that's not the kind of trust that trusted computing refers to. The Trusted Computing Group's "backgrounder " (warning, as is often the case with tedious documents, it's a PDF) says (p. 6):

    As an example, per TCG PC Specific Implementation Specification
    v.1.0, the CRTM for PCs is the BIOS or BIOS boot block and the BIOS
    is required to load HASHES of pre-boot information into various
    PCRs of the TPM. This establishes the "anchor" for the chain of trust
    and the basis for platform integrity metrics. This can be used to
    validate that the platform configuration has not changed and that the
    BIOS has not been changed by malicious code such as a Trojan
    horse. While not required, verifiable attestation of the platform
    configuration can be extended by a chain of trust to the boot loader,
    operating system, and applications if software support for this is
    provided. TCG does not provide specifications for how this is
    accomplished, as this is under the control of these software suppliers.

Un-obfuscated, that means that when you turn on a computer that conforms to their specification, the first thing that happens is that some hardware gets to decide if the BIOS gets to run. In order to be acceptable, the BIOS is likely to need to be cryptographically signed with some particular secret key by the people who wrote it. The BIOS then becomes trusted and can choose to load only an operating system that has been similarly cryptographically signed. The operating system can choose to run only programs that have also been cryptographically signed. All this is couched in terms of "opt-in" and larded with "may"s but it's easy enough to see where this is going: your computer's ROMs would be picky about what operating system their code was willing to pass control to. And your operating system could be picky about what programs it was willing to run. That might increase security slightly since it's unlikely that a virus would be signed by Microsoft, but it's an even better way to reduce choice.

In general, elaborate restrictions of this sort cause users more problems than they solve. Such a system would be sufficiently elaborate that it's virtually certain that there would be flaws in its implementation and quite possibly errors or limitations in its design. The bad guys would go to the trouble of finding and exploiting those errors and limitations and the ordinary users would be left with less choice of software. So "trusted computing" doesn't mean that you can trust your computer to do what you want, but rather that the software publishers can trust your computer to do what they want.

Microsoft's somewhat different trusted computing project used to be called Palladium but they changed the name to "Next-Generation Secure Computing Base", presumably to make it less memorable. "Palladium sucks" has a ring to it that "NGSCB sucks" just doesn't have.

Here's a bit from Microsoft's NGSCB FAQ:

    Q:  I have heard that NGSCB will force people to run only
    Microsoft-approved software.

    A:  This is simply not true. The nexus-aware security chip (the SSC)
    and other NGSCB features are not involved in the boot process of the
    operating system or in its decision to load an application that does not
    use the nexus. Because the nexus is not involved in the boot process,
    it cannot block an operating system or drivers or any nexus-unaware
    PC application from running.

That's fine as far as it goes, but Microsoft's claim that they're only interested in the OS and not in the boot process matches up surprisingly well with the Trusted Computing Group's claim that they're only interested in the boot process and not in the OS. Indeed, one looks pretty useless without the other; for the OS to trust what the underlying hardware tells it, it would want a trusted BIOS. And a trusted BIOS isn't of much use alone. Indeed, in the same FAQ Microsoft says a little later:

    Q:  How is NGSCB related to the Trusted Computing Group (TCG) and
    the Trusted Computing Platform Alliance (TCPA)?

    A: ... Microsoft is a founding member of TCG and anticipates that some
    of the industry standards being developed by the group will be
    incorporated into NGSCB.

It seems that that convenient match-up may not be a coincidence.

It may be that it's only some future version of Windows Media Player that will say "I don't trust your system" and refuse to run. But on past form, people betting on the most benign interpretation are likely to be disappointed.

For myself, I'm not interested in anyone but me deciding what programs will run on hardware that I pay for. I'm very ready to deal only with publishers who trust me rather than my hardware.

Posted: Sat - December 13, 2003 at 07:00   Main   Category: 

©